
Boot verification in Android

Prashant Pol
September 14, 2023

Boot verification in Android to ensure the integrity of the OS and its partitions.

Boot verification is important to ensure that all code executed during boot came from a trusted source and nothing was compromised.
In this process dm-verity and AVB (Android Verified Boot) are used for verification. Without verified boot it is difficult for a user to trust a device's integrity and security.

These slides were presented in DroidKaigi 2023 at Tokyo on 14th September 2023.


Transcript

  1. Boot verification in Android
    To ensure integrity of OS and partitions
    Prashant Pol

  2. Introduction
    Android Engineer at LINE
    Multi device experience team
    @prashantspol

  3. Agenda
    - Boot verification significance
    - Concepts
    - Verification sequence
    - Verification in A/B device updates
    - Rollback protection
    - Verified boot 2.0

  4. Why is boot verification significant?

  5. Phone Security
    [Figure: layers of phone security: Boot, Android OS, Anti-virus / Anti-malware, Google Play Protect, periodic scans]

  6. Boot Verification significance
    Boot Verification is important. What if boot verification was not implemented?
    - Security
    - Unverified firmware update
    - Data breach
    - Lack of trust

  7. What is Boot?

  8. Boot process overview
    [Figure: some piece of software ... Android launcher UI]

  9. Boot process overview
    boot ROM -> bootloader -> linux kernel -> init process -> zygote process -> system server -> android launcher UI

  10. Android Boot Verification
    In simple terms, ensures that all code executed during boot up was from a trusted source and nothing was compromised.

  11. History
    Android OS, almost a decade ago:
    - 4.4: Boot Verification was introduced (warn user)
    - 7.0: Prevent boot
    - 8.0: Standardise boot verification

  12. Boot Verification
    Root of trust -> Bootloader -> boot partition -> other partitions

  13. Root of trust
    Android perspective,
    - A cryptographic key used to sign hashes
    - Private key / Public key
    - Same key is used for future version releases
    - Foundation for secure operations
    - Designed in a way that it must be inherently trusted.

  14. Root of trust (cont…)
    Custom root of trust:
    - Tamper evident storage
    - Boot warning
    - User’s physical confirmation required
    Hardware backed root of trust is considered to be most secure. Why?
    - in processor chip / system on chip (SoC)

  15. Original OS
    - Approved by manufacturer
    - Signed with manufacturer’s root of trust
    - Boot verification applied
    What if we want to install a custom OS?
    - Custom OS => Custom Root of Trust
    - Relax boot verification
    - How does the boot loader know about it?

  16. Device state
    LOCKED
    - Prevents flashing custom OS version
    - Checks and warns during boot
    UNLOCKED
    - Can flash custom OS version
    - Boot checks are relaxed

  17. State changes: LOCKED -> UNLOCKED
    - Settings > System > Developer Options > OEM unlocking (ON)
    - fastboot flashing unlock
    - Physical interaction required
    - User’s data partition is wiped out
    - RAM will be reset
    - User can flash custom OS image

  18. State changes (cont…): UNLOCKED -> LOCKED
    - fastboot flashing lock
    - Settings > System > Developer Options > OEM unlocking (OFF)
    - Cannot flash any custom OS image
    - Device reset
    - Reselling

  19. Boot Verification
    Root of trust -> Bootloader -> Boot partition -> Other Partitions

  20. Partitions
    boot: Kernel image
    system: Android framework
    recovery: Stores recovery image during OTA
    userdata: User installed apps and data
    vendor: Vendor specific binary not distributable with AOSP

  21. Partition verification
    Not only the boot up code or kernel, but the partitions need to be verified as well.
    boot, dtbo, system, vendor
    • Small partitions
      • Can be loaded into RAM to calculate hash
    • Big partitions
      • Can not be loaded into RAM entirely to calculate hash
    Each partition’s hash is calculated and saved at the start or end of the partition.
    How to hash BIG partitions?

  22. Tree hashing
    Big partitions are read from disk using tree hashing.
    partition data in bytes + random salt -> partition hash

  23. Tree hashing (cont…)
    [Figure: partition data in bytes as 4K blocks; each layer holds the appended hashes of the blocks of the layer below: Layer 1, Layer 2, Layer 3, Layer 4 (a single 4K block); the hash of the top block is the Root Hash]
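
As an added example (not from the slides), the following Python builds the layered hash tree the two tree-hashing slides describe: the image is cut into 4K blocks, each block is hashed together with the salt, the hashes are appended into 4K hash blocks, and the layers repeat until a single block remains whose hash is the root hash. It also performs the per-block check dm-verity does on every read. The 4K block size, SHA-256 and salt-prepended hashing follow AVB's defaults; the padding layout is simplified, and the 300-block image and the salt are constructed test data.

```python
import hashlib

BLOCK_SIZE = 4096                             # dm-verity / AVB default block size
HASH_LEN = hashlib.sha256().digest_size       # 32 bytes per SHA-256 digest
HASHES_PER_BLOCK = BLOCK_SIZE // HASH_LEN     # 128 digests fill one 4K hash block


def block_hash(salt: bytes, block: bytes) -> bytes:
    # dm-verity hashes salt || block (AVB's default salt placement)
    return hashlib.sha256(salt + block).digest()


def split_blocks(data: bytes) -> list:
    # cut into 4K blocks, zero-padding the last one so every block is full size
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if blocks and len(blocks[-1]) < BLOCK_SIZE:
        blocks[-1] = blocks[-1].ljust(BLOCK_SIZE, b"\0")
    return blocks


def build_hash_tree(data: bytes, salt: bytes):
    """Build the layered hash tree over a partition image.
    layers[0] is the concatenated hashes of the data blocks; layers[k] holds the
    hashes of the 4K blocks of layers[k-1]. The last layer is one 4K block, and its
    hash is the root hash that is pinned in the (signed) partition metadata."""
    if not data:
        raise ValueError("empty image")
    layers = []
    current = split_blocks(data)
    while True:
        layer = b"".join(block_hash(salt, b) for b in current)
        padded_len = -(-len(layer) // BLOCK_SIZE) * BLOCK_SIZE   # round up to whole blocks
        layer = layer.ljust(padded_len, b"\0")
        layers.append(layer)
        if len(layer) == BLOCK_SIZE:
            break
        current = split_blocks(layer)
    root = block_hash(salt, layers[-1])
    return layers, root


def verify_block(index: int, block: bytes, layers, salt: bytes, root: bytes) -> bool:
    """What dm-verity does when data block `index` is read: hash the block, check it
    against its entry in layer 0, then hash the layer-0 hash block that held the entry
    and check that against layer 1, and so on until the top block is checked against
    the root hash. Only one 4K hash block per layer has to be read."""
    expected = block_hash(salt, block)
    for layer in layers:
        hash_block_index = index // HASHES_PER_BLOCK
        offset = (index % HASHES_PER_BLOCK) * HASH_LEN
        hash_block = layer[hash_block_index * BLOCK_SIZE:(hash_block_index + 1) * BLOCK_SIZE]
        if hash_block[offset:offset + HASH_LEN] != expected:
            return False
        expected = block_hash(salt, hash_block)
        index = hash_block_index
    return expected == root


def demo():
    """Constructed 300-block image (each block distinct); verify a genuine block and
    a tampered copy of the same block."""
    image = b"".join(i.to_bytes(4, "big") * (BLOCK_SIZE // 4) for i in range(300))
    salt = bytes.fromhex("00" * 31 + "2a")   # constructed; real builds use a random salt
    layers, root = build_hash_tree(image, salt)
    blocks = split_blocks(image)
    tampered = bytearray(blocks[200])
    tampered[0] ^= 0x01                      # single-bit flip in the data
    return {
        "layers": len(layers),               # 300 blocks -> 3 hash blocks -> 1 hash block
        "root": root.hex(),
        "genuine_ok": verify_block(200, blocks[200], layers, salt, root),
        "tampered_ok": verify_block(200, bytes(tampered), layers, salt, root),
    }


if __name__ == "__main__":
    print(demo())
```

Because each layer is checked against the next, a change to any data block, to any hash block, or to the root itself shows up as a mismatch; only the root hash has to be protected by the signature, which is why it is small enough to live in the partition footer even though the partition itself never fits in RAM.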

  24. Agenda (next: Verification sequence)
    - Boot verification significance
    - Concepts
    - Verification sequence
    - Verification in A/B device updates
    - Rollback Protection
    - Verified boot 2.0

  25. Verification sequence
    Root of trust
    -> Start booting
    -> Calculate hash of next code to execute
    -> Compare with pre-calculated hash
    -> Is hash comparison a success? Success: continue booting; Fail: Verification Error

  26. Handling Verification Error
    Boot -> Success -> Start run time
    Boot -> Verification error -> Set error flag -> Restart -> User handling required

  27. Boot flow (simplified)
    [Figure: decision flow with nodes Device State LOCKED?, Valid OS?, eio mode? (Y/N branches) and outcomes BOOT OS, Warn user, Show eio screen, Cannot Boot]

  28. Agenda (next: Verification in A/B device updates)
    - Boot verification significance
    - Concepts
    - Verification sequence
    - Verification in A/B device updates
    - Rollback Protection
    - Verified boot 2.0

  29. A/B device updates
    Over-the-air (OTA) update.
    - update_engine daemon
    - Streamed installation
    Slot A: In Use; Slot B: Idle; New version update

  30. A/B device update (cont…)
    [Figure: SLOT A (Active) / SLOT B (Passive); OTA update sets isBootable = true and isActive = true on slot B; Boot from slot B: Success -> isSuccessful = true, slot B Active, slot A Passive; Failure -> Boot from slot A]
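
Added example, not from the slides or from AOSP: a small Python model of the isBootable / isActive / isSuccessful flags shown above and of what happens to them across reboots, including the fallback to the old slot when the new one never reports a successful boot. The method names echo the IBootControl HAL operations (setActiveBootSlot, markBootSuccessful, setSlotAsUnbootable, isSlotBootable, isSlotMarkedSuccessful), but the class, its retry counter and MAX_TRIES are assumptions made for illustration, not the HAL's own semantics.

```python
from dataclasses import dataclass


@dataclass
class Slot:
    suffix: str
    version: int
    bootable: bool = False     # isSlotBootable
    successful: bool = False   # isSlotMarkedSuccessful
    tries_left: int = 0        # boot attempts left before the bootloader gives up on the slot


class BootControl:
    """Toy model of the slot metadata behind IBootControl (assumed, not the HAL itself)."""
    MAX_TRIES = 3   # assumed retry budget for a freshly updated slot

    def __init__(self, version: int):
        self.slots = {"a": Slot("a", version, bootable=True, successful=True),
                      "b": Slot("b", version)}
        self.active = "a"    # slot the bootloader tries first (isActive)
        self.current = "a"   # slot the running system was booted from

    @staticmethod
    def other(suffix: str) -> str:
        return "b" if suffix == "a" else "a"

    def apply_ota(self, new_version: int) -> str:
        """update_engine streams the new images into the idle slot, then marks it
        bootable and active (setActiveBootSlot); the running slot is untouched until
        the next reboot, so a failed download leaves the device bootable."""
        target = self.other(self.current)
        slot = self.slots[target]
        slot.version = new_version
        slot.bootable, slot.successful, slot.tries_left = True, False, self.MAX_TRIES
        self.active = target
        return target

    def bootloader_select(self) -> str:
        """Power-on decision: boot the active slot while it is bootable and is either
        already marked successful or still has tries; otherwise mark it unbootable
        (setSlotAsUnbootable) and fall back to the other slot."""
        slot = self.slots[self.active]
        if slot.bootable and (slot.successful or slot.tries_left > 0):
            if not slot.successful:
                slot.tries_left -= 1
        else:
            slot.bootable = False
            self.active = self.other(self.active)
        self.current = self.active
        return self.current

    def mark_boot_successful(self) -> None:
        """Called by the booted system once it is healthy (markBootSuccessful)."""
        self.slots[self.current].successful = True

    def power_cycle(self, boot_succeeds: bool) -> str:
        """One boot attempt; returns the slot the device ends up running from."""
        self.bootloader_select()
        if boot_succeeds:
            self.mark_boot_successful()
        return self.current


if __name__ == "__main__":
    bc = BootControl(version=8)
    bc.apply_ota(10)
    print("after good update, running from slot", bc.power_cycle(True))
    bc = BootControl(version=8)
    bc.apply_ota(10)
    for _ in range(BootControl.MAX_TRIES):
        bc.power_cycle(False)
    print("after a broken update, running from slot", bc.power_cycle(True))
```

The security-relevant point the model makes visible is that the new slot only becomes trusted after the system it contains has run far enough to call markBootSuccessful; until then the old, already-verified image stays one reboot away.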

  31. Agenda (next: Rollback Protection)
    - Boot verification significance
    - Concepts
    - Verification sequence
    - Verification in A/B device updates
    - Rollback Protection
    - Verified boot 2.0

  32. Rollback Protection
    Android Phone with OS v10 -> Other OS version v8?
    Installed version (rollback index) is important.

  33. Agenda (next: Verified boot 2.0)
    - Boot verification significance
    - Concepts
    - Verification sequence
    - Verification in A/B device updates
    - Rollback Protection
    - Verified boot 2.0

  34. Verified boot 2.0
    - Android verified boot
    - Android 8.0
    - Standardised partition footer
    vbmeta struct:
    - Central data structure
    - Rollback indexes
    - Chained partition support
    [Figure: vbmeta (signed by key) containing the hash of boot, the hash tree metadata of system and the hash tree metadata of vendor]

  35. VBMeta digest
    Digest = hash over all vbmeta structs (including chained partitions).
    The digest is used to verify authenticity.
    The digest and the keys from hardware backed attestation are used to cross verify.
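
The following Python is an added example, not AVB's code, tying together rollback protection (slide 32), the vbmeta struct (slide 34) and the vbmeta digest (slide 35). The partition images, the JSON serialisation of the vbmeta struct and the HMAC tag standing in for AVB's RSA signature are all constructed so the block runs with the standard library only; the check order (signature first, then rollback index, then every descriptor) and the digest being a hash over the loaded vbmeta structs follow the AVB README. Chained partitions are left out, so the digest covers a single vbmeta image here.

```python
import hashlib
import hmac
import json

# Constructed partition images; a bootloader would read these from flash.
PARTITIONS = {
    "boot":   b"kernel-image-v10-" * 64,
    "system": b"android-framework-" * 256,
    "vendor": b"vendor-blobs-" * 128,
}
SIGNING_KEY = b"constructed-oem-root-of-trust-key"   # constructed stand-in for the OEM key


def hashtree_root(image: bytes, salt: bytes) -> bytes:
    # Stand-in for the dm-verity root hash of a big partition: a flat hash over
    # salt || image keeps the example short (a real hashtree is built layer by layer).
    return hashlib.sha256(salt + image).digest()


def build_vbmeta(partitions, rollback_index: int, signing_key: bytes,
                 salt: bytes = b"\x2a" * 32) -> bytes:
    """Produce a signed vbmeta image: descriptors, rollback index and a signature tag.
    The JSON layout and the HMAC tag are constructed stand-ins; real AVB packs a binary
    header and signs it with RSA, and the bootloader checks that signature against the
    public key it embeds (the root of trust)."""
    descriptors = {
        "boot":   {"type": "hash",     "digest": hashlib.sha256(salt + partitions["boot"]).hexdigest()},
        "system": {"type": "hashtree", "root": hashtree_root(partitions["system"], salt).hex()},
        "vendor": {"type": "hashtree", "root": hashtree_root(partitions["vendor"], salt).hex()},
    }
    payload = json.dumps({"descriptors": descriptors, "rollback_index": rollback_index,
                          "salt": salt.hex()}, sort_keys=True).encode()
    tag = hmac.new(signing_key, payload, "sha256").digest()
    return tag + payload


def verify_vbmeta(vbmeta: bytes, partitions, trusted_key: bytes, stored_rollback_index: int):
    """Bootloader-side check in AVB order: signature, rollback index, then every
    descriptor. Returns (ok, reason, vbmeta_digest)."""
    tag, payload = vbmeta[:32], vbmeta[32:]
    if not hmac.compare_digest(tag, hmac.new(trusted_key, payload, "sha256").digest()):
        return False, "signature mismatch: vbmeta was not signed by the root of trust", None
    meta = json.loads(payload)
    # Rollback protection: an image older than the stored minimum is refused even
    # though its signature is perfectly valid.
    if meta["rollback_index"] < stored_rollback_index:
        return False, "rollback index below the stored minimum: downgrade rejected", None
    salt = bytes.fromhex(meta["salt"])
    for name, desc in meta["descriptors"].items():
        image = partitions.get(name)
        if image is None:
            return False, f"partition {name} is missing", None
        if desc["type"] == "hash":
            # small partition: load it whole and hash it
            ok = hashlib.sha256(salt + image).hexdigest() == desc["digest"]
        else:
            # big partition: only the hashtree root is pinned here; dm-verity checks the
            # individual blocks lazily as they are read at run time
            ok = hashtree_root(image, salt).hex() == desc["root"]
        if not ok:
            return False, f"partition {name} does not match its descriptor", None
    # vbmeta digest: hash over every vbmeta struct that was loaded (one here; chained
    # partitions would be appended in load order). This is the value key attestation
    # later reports to user space for cross-verification.
    digest = hashlib.sha256(vbmeta).hexdigest()
    return True, "verified", digest


if __name__ == "__main__":
    vb = build_vbmeta(PARTITIONS, 10, SIGNING_KEY)
    print(verify_vbmeta(vb, PARTITIONS, SIGNING_KEY, stored_rollback_index=8))
    print(verify_vbmeta(build_vbmeta(PARTITIONS, 8, SIGNING_KEY), PARTITIONS, SIGNING_KEY, 10))
```

The ordering matters: the rollback index is read from the vbmeta payload, so it is only meaningful after the signature has bound that payload to the root of trust; checking it earlier would let an attacker-supplied image claim any index.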

  36. HW Attestation
    Provides boot state with enum VerifiedBootState.
    - Verified
    - SelfSigned
    - Unverified
    - Failed

  37. Conclusion
    • Boot verification is important to trust the device.
    • If boot was compromised then any additional security application or any piece of software cannot be trusted.
    • Cryptographic hashing & signing is used to ensure authenticity of executed code.
    • After boot up, hardware backed key attestation data could be used in user space to decide authenticity of boot up.

  38. References
    - https://source.android.com/docs/security/features/verifiedboot
    - https://source.android.com/docs/security/features/verifiedboot/device-state
    - https://source.android.com/docs/security/features/verifiedboot/verified-boot
    - https://source.android.com/docs/security/features/verifiedboot/boot-flow
    - https://android.googlesource.com/platform/external/avb/+/master/README.md
    - https://source.android.com/docs/security/features/verifiedboot/dm-verity
    - https://android.googlesource.com/platform/hardware/interfaces/+/master/boot/1.0/IBootControl.hal
    - https://developer.android.com/training/articles/security-key-attestation
    - https://source.android.com/docs/core/architecture/partitions
    - https://source.android.com/docs/core/ota/ab
    - https://android.googlesource.com/platform/external/avb/+/master/README.md#the-vbmeta-digest
    and many more…

  39. Thank you